将未经授权的用户重定向到未经授权的页面. [英] Redirect unauthorised user to unauthorised page.

问题描述

我正在开发asp.net应用程序.
我已经从ASP.NET配置中创建了用户和角色".两个用户:samip和test，以及两个角色:Administrator和Normal. Samip受管理，测试受Normal影响.

我已经在根web.config文件中使用了FormAuthentication.

Hi I am developing as asp.net application.
I have created Users and Roles from ASP.NET Configuration. Two users: samip and test and Two roles:Administrator and Normal. Samip is under admin and Test is under Normal.

I have used FormAuthentication in root web.config file.

<authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880"  />
</authentication>

我在文件夹中有一个页面(例如setup.aspx)，只有授权的用户或角色可以访问该页面.我在该文件夹中有一个web.config文件，该文件维护了setup.aspx的可访问性，如下所示:

I have a page (say setup.aspx) in a folder in which only authorised user or roles can access that page. And i have web.config file in that folder which maintains the accessiblity for setup.aspx as below:

<configuration>
<system.web>
<authorization>
   <allow roles="Administrator" />
   <deny users="*" />
   <deny users="?" />
   <deny roles="Normal" />
  </authorization>
	</system.web>
</configuration>

现在，我的问题是，当用户测试登录并尝试访问setup.aspx页面时，它重定向到Login.aspx页面，返回URL到setup.aspx.这导致用户测试永远不允许登录，因为该用户无权进入setup.aspx页面.而不是重定向到登录页面.我想在unauthorized.aspx中显示一条友好的消息，说您无权查看此页面".

我该如何实现?
任何帮助将不胜感激.
预先感谢.

Now, my issue is , when user test logs in and tries to access setup.aspx page...it is redirected to Login.aspx page with return url to setup.aspx. This causes, user test to never allow to login, as the user is not authorised to setup.aspx page. Instead of redirecting to login page. I want to show a friendly message in unauthorised.aspx saying " You are not authorised to view this page".

How can i achieve this?
Any help would be really appreciated.
Thanks in advance.

推荐答案

<deny users="*"></deny>

意味着您拒绝所有用户访问！
你必须清除这个！

如果要为未经授权的用户进行自定义导航，则必须将其放置在目标"页面中的page_load方法中！
您可以在用户登录时设置会话，并在目标页面中检查该会话，并且在共享主机时会遇到问题，因为每次添加网站时，它们都会重新启动IIS！
如果您是初中生，最好在应用中使用默认设置！
将您的loginurl属性更改为unauthorized.aspx！

it means you decline all users to access!
you have to clear this!

if you want a custom navigation for your unauthorised user you have to put it in your Destination page, in page_load method!
you can put session when a user log in and check that session in your destination page, and in sharing host it make you a problem because every time they add a website they restart their IIS!
its better to use the default setting in your app if you are junior!
change your loginurl property to unauthorised.aspx!

这篇关于将未经授权的用户重定向到未经授权的页面.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！